How Secure Is Google Chrome's Incognito Mode?

Wednesday, October 28, 2015

chromeprivacysecurity

Out of all of the web browsers available, Google Chrome continues to be the most popular browser, a title it won in 2012 and has continued on hold through 2015. Possibly the driving forces behind Google Chrome’s rising popularity is its Incognito Mode and the widespread reputation of Google. There’s also its integration of Chrome into devices, such as Chromebooks and Android based devices.

But what exactly is Incognito Mode? Other browsers refer to it as “private browsing,” which simply means that your browser does not save your activities. When visiting a website, your browser normally remembers that you visited, information you typed into certain forms (such as passwords, addresses, names, etc.), in addition to other bits of data, such as cookies and cached information. Incognito Mode disables the saving of this data.

The idea is that by doing so, you’ll avoid security mistakes more easily. Someone accessing your computer, for instance, would have no browsing history to identify the websites you’d been visiting in your previous session. Because your passwords are not recorded or saved, malicious parties cannot obtain them either.

On the surface, Incognito Mode appears to offer at least some form of extra security for the user. It could be particularly useful for home computers where there are multiple users and one does not wish the others to know what they’ve been using the computer for. Unfortunately, Incognito Mode, while effective for that, leaves some very large security vulnerabilities unchecked.

Server Side Identification

Google itself has admitted that while Incognito Mode does avoid the pitfall of saving what you’ve been doing on your PC, it does nothing for the opposite end of the spectrum. Any website you visit still has a log of your IP address having visited, what time you visited, and what links you clicked on the page. It’s even been suggested that because of subtle differences in the interface of Incognito Mode and other private browsing sessions (such as link colors), websites may be able to specifically tell that you were using Incognito Mode when you visited!

Inevitably, your ISP also typically has a log of everything you’ve been doing online as well. Any websites you’ve accessed are going to be known to them because they are the ones connecting you to the internet. If you’re browsing the internet on someone else’s WiFi (for instance, your employer’s internet), your activity may also be monitored or recorded.

Because Incognito Mode only blocks what the browser itself saves, these outside sources are literally unaffected. Unfortunately, that is only the beginning of the vulnerability inherent in not only Google Chrome’s private browsing, but in the private browsing of other services as well.

Client Side Vulnerabilities

The good news is that Incognito Mode disables browser extensions, which have been the subject of security vulnerabilities in the past. Extensions, while useful, can potentially be used to log or otherwise monitor browser activity when activated. Google Chrome now disables them when you engage in a private session.

What it fails to do, however, is keep you from leaving a regular browser open. Because a regular browser doesn’t disable extensions, those extensions can still be used to track what you’re doing, even in your Incognito browser. This risk can be minimized by closing your other browser before engaging Incognito Mode or disabling extensions.

Your computer may share some responsibility for other security vulnerabilities, as it keeps logs of your DNS activity, while other bits of data may be stored temporarily in the computer’s memory. Though this information will disappear with time, it can still be temporarily accessed by interested parties.

Malware can also threaten just about anything Incognito Mode offers in terms of security. This is because certain types of malware not only log your activity, but also actively send that data to foreign computers. This can be used to steal logins, passwords and other sorts of crucial information that you might hope to hide by using Incognito Mode.

I recommend installing a good anti-virus program, preferably something free if the device is non-commercial. Companies such as Avast and Panda offer free licenses of their software for personal use and have been measured to be highly effective. They do offer paid versions if you need additional security, but the free versions are usually enough.
The software is also available for mobile devices, not just home PCs.

Other Software

Incognito Mode is by no means a bad feature; it may not be perfect, but it certainly increases the privacy of any device it’s being used on. If you’re also interested in security on the outside (protection from website monitoring, etc.), there is another service you can use on top of Incognito Mode.

A Virtual Private Network (VPN) service prevents some of the security vulnerabilities described above by connecting you to a remote server before the rest of the internet. The remote server becomes the IP address listed when connecting to websites, and because it is shared by other users, your specific traffic cannot be tracked by your IP address.

VPNs also encrypt your connection meaning information you send and receive will only be readable by you. Hackers and other criminals or even monitoring services will not be able to interpret the information unless an inordinate amount of time is spent cracking the encryption. As public WiFi is frequently subject to monitoring (both legally and illegally), you’ll be able to access it with considerably improved safety.

Proxies may also be used, but their lack of reliability and encryption may reduce their overall effectiveness. Although a VPN typically costs money, most are fairly affordable, and the added security is usually worthwhile.
Firewalls can help prevent intrusions on your local network and prevent hackers from spying on your activities. They are effective when combined with the other security software already mentioned above. A firewall hides your computer’s “ports” and closes openings to keep the bad guys out.

Conditional Safety

There is no such thing as absolute security online. Security vulnerabilities are constantly being discovered in old code and software by opportunistic hackers looking to steal information or stir up trouble, but that doesn’t mean you shouldn’t stay on top of it.

Features such as Chrome’s Incognito Mode are a definite step in the right direction for maintaining privacy. Preventing your browser from storing basic information can reduce the likelihood of important passwords or login information from being taken. It can also keep the busybodies you live or work with from prying into your personal life!

Just remember that you’ll need other forms of security software if you want to maximize your privacy and security. VPNs, anti-virus software and firewalls combined with smart practices such as logging out and requiring strong passwords to access your computer or accounts will further cement you in a secure position.

If nothing else, beware of complacency. Fancy features are no substitute for common sense. Even the most advanced computer user can fall into the trap of believing they are immune from basic mistakes.

Have you ever browsed using Incognito Mode? What about another browser’s private mode? Share in the comments how you keep your browsing sessions secure.

About the Author: Caroline is a blogger and writer for SecureThoughts.com, an internet security website that provides reviews, tips, and news related to protecting your privacy on the net. Her main area of expertise is in internet safety, but she also enjoys writing about technology and encourages others to take interest in how to safe-guard their personal information online.